Vulnerabilities > Ruckuswireless > Zonedirector 1200 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2020-22658 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2023-01-20 CVE-2020-22657 Improper Authentication vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass.
network
low complexity
ruckuswireless CWE-287
critical
 9.1
9.1
2023-01-20 CVE-2020-22654 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2023-01-20 CVE-2020-22653 Unspecified vulnerability in Ruckuswireless products
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection unauthorized image signature.
network
low complexity
ruckuswireless
critical
 9.8
9.8
2020-01-23 CVE-2019-19838 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-23 CVE-2019-19839 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19840 Out-of-bounds Write vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request.
network
low complexity
ruckuswireless CWE-787
critical
 9.8
9.8
2020-01-22 CVE-2019-19841 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19842 OS Command Injection vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute.
network
low complexity
ruckuswireless CWE-78
critical
 9.8
9.8
2020-01-22 CVE-2019-19836 Improper Input Validation vulnerability in Ruckuswireless Unleashed and Zonedirector 1200 Firmware
AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename.
network
low complexity
ruckuswireless CWE-20
critical
 9.8
9.8